North Dakota University Server Breach Threatens Personal Information Of 290,000 People

FILE - In this July 31, 2013 file photo, Larry Skogen, acting chancellor of the North Dakota University System, reviews documents at a state Board of Higher Education meeting in Bismarck, N.D. Skogen approved the deal on the sale of a building at the University of North Dakota, but Grant Shaft, a member of the North Dakota Board of Higher Education, says he's worried about possible repercussions from the Legislature over the way the sale of the building was handled. (AP Photo/James MacPherson, F

BISMARCK, N.D. (AP) -- A North Dakota University System computer server that stores personal information on students, staff and faculty has been hacked, but nothing appears to have been compromised, Interim Chancellor Larry Skogen said Wednesday.

The security breach was discovered on Feb. 7, and the server was immediately locked down, Skogen told reporters on a teleconference.

Skogen said personal information - including Social Security numbers - of more than 290,000 current and former students and about 780 faculty and staff were on the server. North Dakota has 11 public colleges, including six four-year universities and five two-year schools.

"There is no evidence that the intruder accessed any of your information, but we can't rule out the possibility," Skogen said in a letter released to students, faculty and staff on Wednesday.

"It is very unfortunate that this happened," Skogen told reporters.

The university system has created a website (ndus.edu/data) and is organizing a call center to help people who have questions, officials said. The university system also will provide identity protection services for one year for anyone affected, Skogen said. Officials did not immediately know the cost of those measures.

Core Technology Services, the information technology arm of the North Dakota University System, discovered the "suspicious access." University system spokesman Darin King said law enforcement has been notified but declined to name specific agencies.

Officials said in a statement that "an entity operating outside the United States apparently used the server as a launching pad to attack other computers, possibly accessing outside accounts to send phishing emails."

"It certainly appears to be an offshore attack," Skogen said.

University system and law enforcement officials are continuing to investigate the cause of the security breach "and what we can do to prevent that from happening again," Skogen said.